CWE-20

Exploit likelihood: High

Improper Input Validation

Parent: CWE-707 - Improper Neutralization

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

12,597 vulnerabilities with CWE-20
CVE-2018-11316 CRITICAL
Sonos Firmware - Unauthenticated Remote Device Control via DNS Rebinding
CVSS 9.6
CVE-2018-11314 CRITICAL
Roku Firmware - Unauthenticated Remote Device Control via DNS Rebinding Attack
CVSS 9.6
CVE-2018-7635 MEDIUM
Whale Browser < 1.0.41.8 - URL Spoofing via Blank Page Title Display
CVSS 5.3
CVE-2018-7787 MEDIUM
Schneider Electric U.motion Builder <1.3.4 - Info Disclosure
CVSS 5.3
CVE-2018-7784 CRITICAL
Schneider Electric U.motion Builder <1.3.4 - Code Injection
CVSS 9.8
CVE-2018-7777 HIGH
Schneider Electric U.motion Builder <1.3.4 - RCE
CVSS 8.8
CVE-2018-4851 HIGH
Siemens SICLOCK TC100 and TC400 - Denial of Service via Network Packet
CVSS 8.2
CVE-2018-10843 HIGH
Openshift Container Platform < 3.7.53 - Privilege Escalation via Source-to-Image Assemble Script
CVSS 8.5
CVE-2018-13056 HIGH
zzcms 8.3 - Arbitrary File Deletion via /user/del.php
CVSS 7.5
CVE-2018-10874 HIGH
Ansible < 2.4.6.0 - Unauthenticated Remote Code Execution via Inventory Variable Injection
CVSS 7.8
CVE-2018-12999 HIGH
Zoho ManageEngine Desktop Central 10.0.255 - Unauthenticated Arbitrary File Deletion via AgentTrayIconServlet
CVSS 7.5
CVE-2018-12988 HIGH
GreenCMS 2.3.0603 - Arbitrary File Download via index.php Media Downfile Parameter
CVSS 7.5
CVE-2018-5528 MEDIUM
BIG-IP 13.0.1/13.1.0.4-13.1.0.7 - Info Disclosure
CVSS 5.3
CVE-2018-3840 HIGH
Pixar Renderman IT Display Service 21.6 - Denial of Service via Network Packet Parsing
CVSS 7.5
CVE-2018-1374 MEDIUM
IBM WebSphere MQ <9.0.5 - Memory Corruption
CVSS 5.3
CVE-2018-12712 HIGH
Joomla! <3.8.9 - Local File Inclusion
CVSS 8.8
CVE-2018-1000607 MEDIUM
Jenkins Fortify CloudScan Plugin <1.5.1 - Arbitrary File Write
CVSS 6.5
CVE-2018-1000533 CRITICAL
GitList <= 0.6.0 - Remote Code Execution via Search Form Input
CVSS 9.8
CVE-2018-1000531 HIGH
prime-jwt < 1.3.0 - JWT Signature Validation Bypass via 'none' Algorithm
CVSS 7.5
CVE-2018-1000523 HIGH
topydo <d4f843dac71308b2f29a7c2cdc76f055c3841523 - Code Injection
CVSS 8.1
CVE-2018-1000205 MEDIUM
U-Boot < 2018.07 - Verified Boot Bypass via Crafted FIT Image
CVSS 5.5
CVE-2018-0529 MEDIUM
Cybozu Office 10.0.0-10.7.0 - Denial of Service
CVSS 4.3
CVE-2018-11046 MEDIUM
Pivotal Operations Manager 2.0.14 and 2.1.x < 2.1.6 - Unpatched NGINX Vulnerabilities
CVSS 6.5
CVE-2018-12703 HIGH
Block 18 - Unverified Callcode Execution in approveAndCallcode Function
CVSS 7.5
CVE-2018-12702 HIGH
Globalvillage ecosystem (GVE) - Unverified Callcode Execution in approveAndCallcode Function
CVSS 7.5